Development by rilwag2612 · Pull Request #9 · sparkly-games/sparkly

rilwag2612 · 2026-02-16T20:34:28Z

Contributions

Check these FIRST. If this fails, the Contribution won't be accepted.

Use HTTPS everywhere
- Prevents basic eavesdropping and man-in-the-middle attacks.
Input validation and sanitization
- Prevents XSS attacks by validating all user inputs.
Don't store sensitive data in the browser
- No secrets in localStorage or client-side code.
CSRF protection
- Implement anti-CSRF tokens for forms and state-changing requests.
Never expose API keys in frontend
- API credentials should always remain server-side.
- If already in use, do NOT modify otherwise the site will break.

Keep dependencies updated
- Most vulnerabilities come from outdated libraries.
Proper error handling
- Don't expose sensitive details in error messages.
Secure cookies
- Set HttpOnly, Secure and SameSite attributes.

rilwag2612 added 2 commits February 16, 2026 20:24

better ver.

ba87194

fix it

4dca2d4

rilwag2612 merged commit 59b0cba into main Feb 16, 2026
0 of 2 checks passed